I was reading Richard Stiennon’s blog the other day titled “Stay calm people. Cyber crime does not reap $1 Trillion in profits“. In that article, Richard Stiennon stated he would be surprised if the amount actually exceeded $1 billion.
I for one am not sure what the total amount actually is, but I decided to do just a few hours of research anyways. I must admit, going into this research I believed the value to be much more than $1 billion. I’ll go ahead and share the results of my research and let you be the judge though.
Here’s an article from Eweek on this subject: http://www.eweek.com/c/a/Security/Cybercrime-Internet-Fraud-on-Upswing-as-Lawmakers-Discuss-Strategy-263851/
“A recent report by Finjan on the market for rogue anti-virus products estimated revealed a group of cyber-crooks running a rogueware affiliate network had hauled in an average of $10,800 a day in profits.”
So, with that estimate, we’re at about $3.9 million or $10,800 x 365 days in a year.
Also in that article: “Based on posts on various hacking forums we found that 1,000 bots (infected computers) are rented for $100-$200 per day,’ said Finjan CTO Yuval Ben-Itzhak.”
So, let’s conservatively say it’s $125 for simplicity: 1,000 bots x $125/day x 365 days in a year = $45.6 million. This brings our running total to $49.5 million.
Next, the IC3 (Internet Crime Complaint Center) released a report stating the dollar loss as result of cybercrime was $265 million. This includes a variety of fraud types including non-delivery of merchandise. — http://www.ic3.gov/media/2009/090331.aspx
Running total: $314.5 million.
Now a big one pops up pertaining to intellectual property losses. This is debatable as to if it should be included or not, but I think it should be since IP does have value. (http://www.lafayette-online.com/science-technology/2009/03/cybercrime-increase/) — Article states that McAfee “found that companies lost an estimated $4.6 billion in intellectual property last year as a result of cybercrime.”
Running total: $4.9 billion
Also, in just one case, authorities caught 4 men accused of hacking into a Calgary company’s computer system and stealing $1.8 million. http://www.crime-research.org/news/09.05.2008/3559/
Running total: $4.9 billion+
Finally, I analyzed data published at http://datalossdb.org/yearly_reports/dataloss-2008.pdf. According to their reports, there was at least 20 million credit card numbers compromised last year. A number of articles online suggest the cost to financial institutions varies wildly for each card stolen or lost. I’ve found claims of anywhere between $2 and $4 per card. So, with at least $20 million cards lost as result of cybercrime alone, and a conservative number $2.50 per card, that value would be $50 million.
With only using just the above that I found in just a few hours of research online, you can easily see how this number can grow. We’re already near $5 billion and definitely near if not over the $1 billion even if you want to lower the value of intellectual property stolen. Next, I’m sure we could come up with a number of VOIP phone systems that were compromised and rang up millions in long distance transactions. Then, we can throw in unreported estimates, fees paid to developers to write exploits, extortion amounts, etc. The list goes on, but I do believe this to be at least in the billions if not tens of billions of dollars. I do have to agree, however, that I doubt it to be into the $1 trillion territory.